020101-contact-crm
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts
scripts/export.pyandscripts/validate.pyutilize thesubprocessmodule to executepip installcommands. This allows the skill to modify the execution environment by installing software. - [EXTERNAL_DOWNLOADS]: The skill is configured to automatically fetch and install dependencies from the Python Package Index (PyPI) if they are missing at runtime.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by reading and processing data from external CSV files (
contacts.csv,organizations.csv,products.csv). If these files contain malicious instructions, they could influence agent behavior during data processing tasks. - Ingestion points: Data is loaded from CSV files in
scripts/contacts.py,scripts/organizations.py,scripts/products.py, andscripts/validate.py. - Boundary markers: No specific delimiters or instructions are provided to the agent to treat CSV content as untrusted data.
- Capability inventory: The skill can perform file writes, shell command execution (via subprocess), and complex data processing.
- Sanitization: While the scripts perform basic string normalization and validation for functional purposes, there is no sanitization to prevent the interpretation of data as instructions.
Audit Metadata